There's a bug that prevents the visual panel from restarting until the desktop is restarted:

bleonard@solaris:~$ sudo svcadm restart gdm

You can then successfully start the visual panel from the System > Administration > Apache Web Server menu.

Start Apache

Select "Enable the Apache web server" and click Apply:

You'll be prompted to authenticate yourself. Enter your Username:

And then select the root role:

Wait while the instance transitions to online. And you're up and running:

Configuring SSL

Getting a Certificate

The key piece needed for secure communication is a certificate. Ideally this certificate would be signed by an authority, such as VeriSign, GoDaddy or Comodo. However, for the purposes of this example, and the fact that I'm not actually setting up a public facing server that can be verified by an authority, we'll be using a self-signed certificate.

O'Reilly has a good article on Configuring SSL Under Apache, which includes a nice explanation of using openssl for creating a self-signed certificate. As well as the steps necessary to get your certificate signed. I won't bother repeating that information here, other than the steps I took to create the self-signed certificate:

Browse Securely

Under the Technical Details you'll see that the certificate is untrusted because it's self-signed, which we've already addressed.

Select Add Exception and you'll be presented with another dialog to add a security exception:

Select Confirm Security Exception and you'll be securely browsing:

Beyond the Apache Visual Panel

You can disable/enable/restart apache through its SMF interface:

bleonard@solaris:~$ sudo svcadm disable apache2

The apache2 SMF service writes its configuration information out to /etc/vpanels/httpd.conf for Apache to read on startup. You can see the changes that were made by the addition of another virtual host:

It's important to note the differences between using the Apache visual panel GUI and the default Apache command line interface. The Apache visual panel stores all of Apache's configuration information in the SMF repository and writes out the httpd.conf configuration file when the service is started, so you can directly edit httpd.conf. The default Apache SMF service, apache22, reads Apache's configuration information from the configuration file at /etc/apache2/2.2/httpd.conf. So there are two important considerations here:

Don't attempt to start Apache using both SMF interfaces, apache22 (default) and apache2 (visual panel), as it will just create a conflict.

If you're looking to customize Apache beyond what the visual panel interface allows, I would recommend going with the default interface, apache22, and customizing /etc/apache2/2.2/httpd.conf.

Tuesday May 11, 2010

I noticed my Apache web server had one process that ran as root, which then forked other processes as user webservd.
The reason for this is that apache wants access to port 80, which
traditionally requires root privileges. To improve upon this
all-or-nothing security model, Solaris 10 introduced the concept of
fine-grained privileges, and in OpenSolaris there are now 75 of them.

What this means is that I can now give a process, which has
traditionally run with root privileges, just the privileges it needs to
get its job done - a concept known as least privilege. The trick, of course, is figuring out which privileges a process needs.